Senior Product Security Engineer - Cryptography
About the role
This role is Hybrid, based in Raleigh NC, Boston MA, or Lowell MA.
Responsibilities
-
Act as the primary technical owner for auditing Go-based cryptographic implementations within OpenShift and container runtimes (CRI-O, Podman).
-
Partner with the Principal Product Security Engineer to define and implement scanner policies for detecting cryptographic assets in our build pipelines.
-
Work directly with pipeline and data teams to integrate these tools and produce a sustainable Cryptographic Bill of Materials (CBOM).
-
Partner with product teams to integrate Merkle Tree Certificate support within the portfolio’s unified security fabric.
-
Consult directly with engineers to help them audit their code, understand their dependencies (e.g., python-cryptography), and build migration plans that align with the portfolio-wide policy.
-
Create documentation, best-practice guides, and office hours to scale your expertise.
-
Define the functional requirements for and partner on the integration of new cryptographic tools, such as runtime instrumentation for core libraries.
-
Track and manage critical cryptographic dependencies across the portfolio, working with RHEL Security and other teams to resolve blockers and ensure the successful, sequential delivery of modern crypto capabilities.
Requirements
- Deep, hands-on experience in Go and Python
- Broad knowledge in applied cryptography (PKI, TLS, digital signatures)
- Strong understanding of modern cryptographic challenges, including Post-Quantum Cryptography (PQC)
- Strong understanding of OCI specifications and how container runtimes interact with cryptographic hardware (HSMs) or kernel-level providers
- Proven experience owning and delivering complex, cross-team technical projects from design to completion
- Track record of building relationships across teams and acting as a recognized go-to person
- Strong analytical skills to diagnose complex dependencies and technical blockers in a large-scale software portfolio
Qualifications
- Experience contributing to or maintaining core cryptographic libraries or security-focused Go projects
- Familiarity with SPIFFE/SPIRE or Sigstore/Cosign
- Experience with Merkle Tree implementations or binary-level runtime analysis
- Familiarity with FIPS validation processes in virtualized/containerized environments
Skills
- Multi-language Technical Expertise: Go and Python
- Applied Cryptography and PKI
- Container & Cloud-Native Security
Benefits
The salary range for this position is $131,420.00 - $216,870.00. Actual offer will be based on your qualifications.
Annual salary is one component of Red Hat’s compensation package. This position may also be eligible for bonus, commission, and/or equity.
For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience.
Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.